CAN AI SECURITY BE TREATED AS AN AFTERTHOUGHT?

Throughout the history of computers, software, digital, cyber or whatever you call it, security in this expansive system has always been an afterthought. Security has never been by design, and hence it was never the default state. It had to be added in a variety of ways, and digital life moved on. Think of a situation where an automobile manufacturer does not take responsibility for the safety of the vehicle – safety by design. This analogy makes many things clear. Because of this approach, we have become beleaguered in our digital journey.

The need for cyber security is all around; the challenge is whether it is being met and, if it is, with what quality. It would not be an exaggeration to say that cyber criminals are calling the shots, with very little chance of anything happening to them. As we move into the AI Age, if we continue on the beaten path of cyber security, we may be looking at our near nemesis. The recent breach of DeepSeek opens the floodgates to the Dark Web. This needs to be taken as a critical wake-up call. AI security is a different ball game altogether, more so when the Dark Web stands ready to capitalise on every vulnerability.

The recent DeepSeek security breach raises alarming questions about where the exposed data may have ended up. Shortly after DeepSeek’s release, security researchers uncovered extensive vulnerabilities in the system's infrastructure. Organisations rushing to adopt AI technologies without proper security controls are putting all of us in a precarious and compromising situation. AI systems are getting integrated into core business operations, and hence the risk goes beyond traditional cybersecurity concerns and can lead to catastrophic damage to operations and reputation.

Is the AI age, while relieving us of drudgery and creating time for productive work, making us lame ducks? That seems to be the case. The DeepSeek vulnerabilities show a disturbing trend in the way AI organisations approach cyber security. What was uncovered, and who did it? It was uncovered by Wiz Research. They uncovered a publicly accessible ClickHouse database belonging to DeepSeek. What did it contain? It had more than a million lines of log streams with highly sensitive information. So what was out in the open? Chats, API keys and secrets, backend details and operational metadata.

WITH THE NATURE OF RISKS EXPOSED, WE NEED TO TAKE A MUCH MORE MEASURED AND CALIBRATED APPROACH TO THE ADOPTION OF ARTIFICIAL INTELLIGENCE MODELS AND TOOLS.
Sanjay Sahay

Have a nice evening.
